DNS Leak due to Wireguard DNS and PiHole Upstream DNS

mehravishay

Occasional Visitor
Hello

I have a Wireguard Client running without a DNS (Optional) and my LAN DNS is pointing towards my PiHole. However I am using a Quad9 DNS as my upstream on my PiHole which is causing a DNS Leak (technically not a leak because it isn't my ISP's DNS). I am having the same issue when I stream Disney+ on my network. It gives me a network error stating I am using VPN to connect.

I tried to connect via VPN on the Proton phone app to the same server as my Wireguard client and tried to input that DNS into the custom DNS upstream of PiHole but then it refuses to connect.

How can I ensure the Wireguard client DNS and my PiHole Upstream DNS are the same to avoid apps thinking it's a DNS Leak?
 
Have either the PiHole source IP or the Quad9 destination IP configured within VPN Director.
 
Have either the PiHole source IP or the Quad9 destination IP configured within VPN Director.

I tried PiHole's source IP via the same WG server but now it's giving me a DNS in Switzerland and Italy.

For the Quad9 destination IP approach, should this be in Remote IP section?
 
I tried PiHole's source IP via the same WG server but now it's giving me a DNS in Switzerland and Italy.
Keep in mind that your Quad 9 exit node will be different when going through a VPN tunnel. Check what server it's actually giving you through that tunnel.

For the Quad9 destination IP approach, should this be in Remote IP section?
Yes. The source IP would either be empty or your PiHole IP, and the destination would be the Quad 9 IP your PiHole is using. Create two rules if necessary.
 
Keep in mind that your Quad 9 exit node will be different when going through a VPN tunnel. Check what server it's actually giving you through that tunnel.


Yes. The source IP would either be empty or your PiHole IP, and the destination would be the Quad 9 IP your PiHole is using. Create two rules if necessary.
This is what I have done. My PiHole is using Quad 9 as upstream DNS so I have added that in the VPN director and my PiHole is also pointed towards the Wireguard server.

IMG_0101.jpeg


However, this is what I see after tunnelling:

IMG_0102.jpeg
 
i3d.net are quad9 partners since 2022 - no DNS leak
 
My issue is my Wireguard IP and DNS are different and therefore streaming services always give me an error stating behind a VPN.
They don't need to rely on the DNS to detect a VPN. The VPN's own IP address is how they detect it.
 
I was able to resolve this by changing my upstream DNS on the PiHole to my WireGuard provider's DNS and then tunnelling my PiHole on my router through my WireGuard client.
 
